Hello Pete! I believe what they're referencing here is the implementation of SPF, DKIM, and ultimately DMARC. These are DNS records that allow your server and other's to validate deliveries from the domains you host and confirm they are coming from legitimate sources. You can find instructions for implementing these here on our KB section and if you have any questions just let us know!

Maybe Kyle

I’ve signed up for a trial with EasyDmarc and am

awaiting some reports labelled compliance, geolocation and failure.

I think this is what NSCS are describing tho could be wrong. 

It’s like - Ok well done you have set up the SPF and Dkim and a neutral DMARC - now let’s see what happens to your mail delivery when we gradually increase the strictness of your DMARC. And let’s monitor it on an ongoing basis and provide said reports.

Does that make sense? Maybe I’m completely wrong as never been one for carefully reading the instructions.

Thanks for getting back btw :)

You get the reports from several domains. Read them, eksecute and then make sure you dont get the reports over time.

That makes sense Pete, but that isn't a tool I'm aware off out of box. I do know Cloudflare (and probably anyone offering DNS/security) offers DMARC functionality that monitors your SPF/DKIM/DMARC compliance over time. Our reports there show the most popular IPs that are spoofing our domain as well which allows us to see where most of the spoofed content is originating and hopefully implement stops for it. That might be in line with what they're looking for here. You might have luck asking on ServerFault or StackOverflow as well, these compliance type questions can be tricky!